Channels

Services

Chrome 12 arrives – "safer and snazzier"

Google has announced the release of Chrome 12, for all platforms, into its Stable Channel. Previously only available in the WebKit-based browser's beta channel, Chrome 12 adds a number of new features, some of which enhance security, and addresses a total of 15 security vulnerabilities.

The latest stable channel update, labelled 12.0.742.91, has several new features including support for hardware accelerated 3D CSS which allows web developers to apply 3D effects to page content using CSS – an online demo video is available on Google's Chrome Experiments web site. Screen reader support for the blind or visually impaired has been improved. Users can now also use the Omnibox URL bar to launch Chrome Web Apps and Sync has been integrated into the settings pages. The Google Gears plug-in has been removed from the browser as it was discontinued earlier this year.

Chrome 12 on Mac OS X
Several security enhancements have also been made in Chrome 12. In addition to protecting users against malware and phishing web sites, version 12 of Chrome further improves browser security by warning users before they download some types of malicious files, such as .exe files. The feature is essentially an extension of Google's Safe Browsing API, which involves querying an additional list of malicious download links.

Users can now delete Adobe Flash Player Local Shared Objects (LSO), also known as "Flash cookies", as well as being able to delete standard cookies. Typically, unlike browser cookies, these Flash cookies cannot simply be disabled or deleted via browser settings; Chrome is able to delete them using a new API that allows browsers to manage these cookies.

This functionality can be accessed from directly within the browser by clicking Wrench > Tools > Clear browsing data and selecting "Delete cookies and other site and plug-in data" – alternatively, users can type chrome://settings/clearBrowserData into the browser's URL bar. Further information about Flash cookie protection in Chrome can be found in an earlier report.

In Chrome 12, users can access the Clear Browsing Data menu by clicking Wrench > Tools > Clear browsing data
According to Google, 5 of the 15 security vulnerabilities are rated as 'high-risk' and include use-after-free errors, issues with stale pointers, and same origin bypass holes in V8, the JavaScript engine used in Chrome. In its blog post, Google calls "particular attention" to the same origin bypass holes – for which Sergey Glazunov was rewarded $3,133.70 – noting that "Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date."

Other holes that have been closed include extension injection bugs, browser memory corruption in history deletion and uninitialised pointers. In all, Google paid out nearly $10,000 as part of its Chromium Security Reward programme for reporting these vulnerabilities. As usual, further details of the vulnerabilities are being withheld until "a majority of users are up-to-date with the fix". All users are encouraged to update to the latest release as soon as possible.

Further information about the stable branch release, including a full list of security fixes, can be found in a post on the Google Chrome Releases blog by developer Jason Kersey. Chrome 12.0.742.91 is available to download for Windows, Mac OS X and Linux from google.com/chrome. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.